General
- Target: 8a46b3bd24b5955c64eccdfa866ed5ac7850e73f1745253493b05ecf8479f306
- Size: 292KB
- Sample: 220706-mmxbssbgek
- MD5: 726312fff5e118f803edccaef2207dfb
- SHA1: eddac1a11ab1ca328cd4f7e9bdcc07ed4f1c82d3
- SHA256: 8a46b3bd24b5955c64eccdfa866ed5ac7850e73f1745253493b05ecf8479f306
- SHA512: 2fc2f95ef16d9647fb0aff2e67ef5e511123facd631fff950ae1688a1f8348209dff8f8df8a36684cb07272d5924f0fd53a74eb5c3db11e32d72b0d91ab4dce2
Static task: static1
Malware Config
Extracted:
- redline
- ib1.4
- levelcupsecurity.eu:80
- auth_value: 363e918b58f663fdb3c6d525cf98d4b0
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

Signatures:
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Drops startup file
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.